Out-of-bounds write in Linux kernel - CVE-2026-53366

 

Out-of-bounds write in Linux kernel - CVE-2026-53366

Published: July 17, 2026


Vulnerability identifier: #VU138176
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-53366
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to an out-of-bounds write in __ip_append_data() when processing IPv4 packet data on the paged allocation path. A local user can trigger the faulty length calculations to cause a denial of service.

The issue occurs because fraggap bytes copied from the previous skb are placed into the new skb linear area while the allocation size does not account for those bytes.


How to mitigate CVE-2026-53366

Install security update from vendor's repository.

Sources